KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

8.1

CVSS
High

CVE-2025-33071

PUBLISHED

Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

Exploited in the wild Remote No user interaction

Vendor: Microsoft
Product: Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)
Published: Jun 10, 2025
EPSS: —

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Weaknesses (CWE)

CWE-416

Use After Free, CWE-476 - NULL Pointer Dereference.

CVSS scores

CVSS v3.1 8.1 High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Exploitation status

Exploited in the wild

Recorded 2025-06-11 07:01:39 UTC · Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33071

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL) First	2025-06-11 07:01 UTC

Timeline

CVE ID Reserved

2025-04-15 17:46 UTC
CVE Published to Public

2025-06-10 17:02 UTC
Added to KEVIntel

2025-06-11 07:01 UTC